A-Select: Hitchhiking in authentication space Ton Verschuren Innovation Management – SURFnet – NL TERENA TF-AACE workshop, Stockholm,

Presentation transcript:

A-Select: Hitchhiking in authentication space Ton Verschuren Innovation Management – SURFnet – NL TERENA TF-AACE workshop, Stockholm, 26 November 2002

2 Rationale for A-Select
A-Select is a weblogin system like pubcookie
Separation between authN and authZ
Better security thru stronger (local) authN
New authN methods shouldn’t bother apps
We’re looking for authN means that users already have: hitchhiking!
Differentiate between various levels of assurance

3 A-Select overview
[Architecture diagram. Components shown: Local A-Select Server, A-Select Agent, Application, User, Remote Authentication Service Providers, Local Authentication Service Providers, Remote A-Select Server, UDB, Filter]

4 Supported AuthN Service Providers (ASPs)
V 1.1 (now):
  – IP address
  – U/p thru RADIUS
  – Internet banking (banking card)
  – SMS (mobile phone)
V 1.2 (Nov/Dec):
  – LDAP
V 2.0 (?):
  – SAML
V n.n (?):
  – PKI

5 Implementation
A-Select server: Java
  – Apache + Tomcat
Crypto: Cryptix
  – SHA1 hashes + RSA signatures
Filters for Apache and IIS
Memory cookies:
  – Ticket granting ticket (for SSO)
  – Application ticket
Redirection to ASP
UDB:
  – JDBC
  – LDAP (v1.2)
SSL recommended but not required

6 License model
A-Select server & agent: free
ASPs IP address and RADIUS: free
ASPs SMS (and banking card): free for academic community
Other ASPs:
  – Do-it-yourself, or
  – Contract our developers

7 The Future of A-Select
Benchmarking of “similar” products
  – Functionality
  – With APIs for ASPs
  – Price
Your input is welcome!

8 What’s next: standardising on APIs?
[Diagram. Labels shown: Authentication Systems ? Back Office Authorisation Systems Applications webISO]

9 More info
More on a-select.surfnet.nl
  – Functional & technical design + API
  – Demo Portal
And now…a demo!